Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sophos Free A-V For Mac May Kill Time Machine Backups

Posted by timothy on Tuesday November 9, 2010 @03:26PM from the mysteriouser-enough-already dept.

kdawson writes "Herewith the tale of the instantaneous loss of 19 months of Time Machine backup data, with the possible involvement of a fresh install of Sophos's new free Mac A-V package. Sophos support has been contacted but has not responded as of this writing."

1 of 133 comments (clear)

Min score:

Reason:

Sort:

How does Sophos do this? by MarchHare · 2010-11-09 15:44 · Score: 4, Interesting

He tried to open a quarantined file, once with the 'cat' command
and once with vi, as root, and both times Sophos warned him and
prevented him from proceeding. Now, the code for the 'cat'
command is quite simple, it basically just does a open(2)
of the file and then issues a series of read(2). My question
is: Does Sophos actually intercept the system calls in order
to make sure no application opens an infected file? If so,
wouldn't that introduce a HUGE performance penalty on the
everything happening on the machine, since these system calls
are so crucial?